My api is escaping the unescaped user input I send it via ember-data. So when the data returned from the api is rendered, the text gets escaped twice resulting in html entities appearing in my text. What’s the proper way to handle this? Should the api not escape text and leave it up to Handlebars? Or is there a way to tell Ember that the text is already escaped?

IMHO The API should NOT escape text. It’s really the client’s job to ensure it doesn’t result in an XSS vulnerability. And it makes even less sense when you have alternate clients (mobile) consuming the API.

It’s not clear based on your initial question if you were referring to WYSIWYG data or all text fields. If it’s the latter, I would actually recommend you handle this at the ember-data level so that from the view/component/router/controller perspectives, the data is accurate (not-escaped).
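The double escaping discussed in this thread, and the data-layer fix suggested in the last reply, as an added example that is not code from any of the posters or from Ember. `escapeHtml` is a stand-in for the escaping a template applies to `{{value}}`, and `escapedStringTransform` is a hypothetical plain object shaped like an ember-data transform (`deserialize`/`serialize`), assumed here for illustration.

```javascript
// Stand-in for the HTML escaping a template engine applies to {{value}} (assumption, not Handlebars' source).
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
const UNESCAPES = Object.fromEntries(Object.entries(ESCAPES).map(([ch, ent]) => [ent, ch]));

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Remove exactly one layer of escaping. A single regex pass matters:
// '&amp;lt;' must become the literal text '&lt;', never '<'.
function unescapeOnce(text) {
  return String(text).replace(/&(?:amp|lt|gt|quot|#x27);/g, (ent) => UNESCAPES[ent]);
}

// Hypothetical transform-shaped object: undo the API's escaping when data enters
// the store, so models hold the raw text the user typed.
const escapedStringTransform = {
  deserialize(serialized) {
    return serialized == null ? serialized : unescapeOnce(serialized);
  },
  serialize(deserialized) {
    return deserialized; // send raw text; do not pre-escape on the way out
  },
};

// Models the path: user input -> API response -> model attribute -> rendered markup.
function renderPipeline(userInput, { apiEscapes, transform }) {
  const fromApi = apiEscapes ? escapeHtml(userInput) : userInput;
  const attr = transform ? transform.deserialize(fromApi) : fromApi;
  return escapeHtml(attr); // the template still escapes at render time
}

const input = 'Tom & Jerry <b>"hi"</b>'; // constructed sample input

console.log('API escapes, no transform :', renderPipeline(input, { apiEscapes: true }));
console.log('API escapes, transform    :',
  renderPipeline(input, { apiEscapes: true, transform: escapedStringTransform }));
console.log('API returns raw text      :', renderPipeline(input, { apiEscapes: false }));
```

The decoded attribute is only safe because the template escapes it again on output; it must not be rendered through an unescaped binding such as `{{{value}}}`.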